RE: SPDX Bake off to compare tools generating code for the SPDX 2.1 specification on October 6, 2016.

[gary]

Hi Sam and SPDX tech team,

 

Both good points.

 

Since I won’t be in Berlin this week, below are my thoughts on the issues Sam 
brought up.

 

From: spdx-tech-boun...@lists.spdx.org 
[mailto:spdx-tech-boun...@lists.spdx.org] On Behalf Of Sam Ellis
Sent: Wednesday, October 5, 2016 12:29 AM
To: Kate Stewart; spdx-tech@lists.spdx.org; SPDX-general
Subject: RE: SPDX Bake off to compare tools generating code for the SPDX 2.1 
specification on October 6, 2016.

 

Hi,

 

Whilst preparing for SPDX bakeoff I noticed a few issues with my interpretation 
of the specification that may be worth discussion.

 

Firstly a number of fields in tag files contain arbitrary text enclosed within 
... tags. I found examples where the text I am including within 
these tags does itself contain HTML/XML tags from the source document. The 
inclusion of non-SPDX tags within the  tags makes it hard to spot the end 
of the . This raises the question of whether the text within  tags 
ought to be escaped in some way? I did not find anything on this point in the 
SPDX specification (apologies if I missed anything).

 

[Gary]I don’t feel strongly about this since I work mostly on the RDF/XML 
representations of SPDX.   I did run into one situation where the escaping 
would have been useful (one of the fields was referencing text from an SPDX 
document which included the text tags).  Adding escaping would increase the 
effort and complexity for the tools.  This occurs infrequently enough, I’m not 
sure it is worth the effort.  If we do want to go down this path, I would 
suggest using a standard escaping mechanism such as that used in XML.

 

Secondly, I noticed that in the tag field PackageLicenseInfoFromFiles I am 
including license exceptions, for example:

 

PackageLicenseInfoFromFiles: Classpath-exception-2.0

 

However, I think my use is incorrect. The spec says a license identifier is 
needed here, and a license exception identifier is not a license identifier. I 
cannot alternatively use "license WITH exception" here because this is an 
expression not a license identifier. This raises the question, how should 
exceptions be represented in PackageLicenseInfoFromFiles, if at all?

 

[Gary] I have been (incorrectly) using license expressions for this field ever 
since 1.0.  I just went back and looked at the spec.  You are correct, it does 
not include a license expression.  There is another issue with not including 
the license expression – it would not allow the “or-later” operator “+” since 
that is not part of the license ID.  I would fully support using a license 
expression to resolve these issues.  If there is concern that introducing a 
license expression creates “interpretation” on the found licenses, we could 
limit the expressions to specific operators.  My preference would be to allow 
the full set of operators.

 

I appreciate your thoughts on these issues.

 

From: spdx-tech-boun...@lists.spdx.org 
[mailto:spdx-tech-boun...@lists.spdx.org] On Behalf Of Kate Stewart
Sent: 22 September 2016 19:58
To: spdx-tech@lists.spdx.org; SPDX-general
Subject: SPDX Bake off to compare tools generating code for the SPDX 2.1 
specification on October 6, 2016.

 

Hi, 

The SPDX tech team will be hosting an  <http://sched.co/8BLk> SPDX Tools 
BakeOff at LinuxCon Europe on 6 October 2016.  Participation can be remote by 
phone or in person. The Bake-off (also known by some as a Plugfest) will focus 
on comparing SPDX Documents generated with SPDX specification 2.1 features 
along with answering any questions people may have about the new revision.

For more information on how to participate,  please read  
<https://docs.google.com/document/d/1If-acGnVHkHABXDAQCJwHQHx4TTKsOtGu0-iAfaNDso/edit>
 Background info for the SPDX 2.1 Bake-off in LinuxCon Europe.

If you have questions, please send email to  
<mailto:spdx-tech@lists.spdx.org?subject=SPDX%202.1%20Bakeoff%20Question> 
spdx-t...@spdx.org

Thanks on behalf of the SPDX tech team,   Gary & Kate

 

IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium. Thank you. 

___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

RE: SPDX Bake off to compare tools generating code for the SPDX 2.1 specification on October 6, 2016.

[Sam Ellis]

Hi,

Whilst preparing for SPDX bakeoff I noticed a few issues with my interpretation 
of the specification that may be worth discussion.

Firstly a number of fields in tag files contain arbitrary text enclosed within 
... tags. I found examples where the text I am including within 
these tags does itself contain HTML/XML tags from the source document. The 
inclusion of non-SPDX tags within the  tags makes it hard to spot the end 
of the . This raises the question of whether the text within  tags 
ought to be escaped in some way? I did not find anything on this point in the 
SPDX specification (apologies if I missed anything).

Secondly, I noticed that in the tag field PackageLicenseInfoFromFiles I am 
including license exceptions, for example:

PackageLicenseInfoFromFiles: Classpath-exception-2.0

However, I think my use is incorrect. The spec says a license identifier is 
needed here, and a license exception identifier is not a license identifier. I 
cannot alternatively use "license WITH exception" here because this is an 
expression not a license identifier. This raises the question, how should 
exceptions be represented in PackageLicenseInfoFromFiles, if at all?

I appreciate your thoughts on these issues.

From: spdx-tech-boun...@lists.spdx.org 
[mailto:spdx-tech-boun...@lists.spdx.org] On Behalf Of Kate Stewart
Sent: 22 September 2016 19:58
To: spdx-tech@lists.spdx.org; SPDX-general
Subject: SPDX Bake off to compare tools generating code for the SPDX 2.1 
specification on October 6, 2016.


Hi,

The SPDX tech team will be hosting an SPDX Tools BakeOff<http://sched.co/8BLk> 
at LinuxCon Europe on 6 October 2016.  Participation can be remote by phone or 
in person. The Bake-off (also known by some as a Plugfest) will focus on 
comparing SPDX Documents generated with SPDX specification 2.1 features along 
with answering any questions people may have about the new revision.

For more information on how to participate,  please read Background info for 
the SPDX 2.1 Bake-off in LinuxCon 
Europe<https://docs.google.com/document/d/1If-acGnVHkHABXDAQCJwHQHx4TTKsOtGu0-iAfaNDso/edit>.

If you have questions, please send email to 
spdx-t...@spdx.org<mailto:spdx-tech@lists.spdx.org?subject=SPDX%202.1%20Bakeoff%20Question>

Thanks on behalf of the SPDX tech team,   Gary & Kate

IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium. Thank you.
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: SPDX Bake off to compare tools generating code for the SPDX 2.1 specification on October 6, 2016.

[Kate Stewart]

Hi Bradley,


On Thu, Sep 22, 2016 at 5:30 PM, Bradley M. Kuhn 
wrote:

> Kate,
>
> Kate Stewart wrote at 11:58 (PDT):
> > For more information on how to participate, please read Background info
> > for the SPDX 2.1 Bake-off in LinuxCon Europe.
>
> I and my colleagues sadly don't have a tool to participate in the bake-off
> this year, but in preparation for the future, and out of general curiosity:
>
> What are the licensing requirements are for software tools to enter the
> bake-off?  (i.e., do the tools have to be under a specific set of licenses
> to participate?  What are the rules in this regard?)
>

There are no licensing requirements for tools themselves to participate in
the bake-off,
the only requirement is that they are able to produce (and ideally consume)
valid
SPDX files.

We're pleased that FOSSology  is going to
participate for the first time in one
of our bake-off's in Berlin, which is a tool I believe you use already.


We've also got listed the community supported tools
 as well as the commercial tools

we know about on our web site, if you want to see the possible
participants.
All tools (even if they are not listed on the site) are welcome.

Hope this helps,
Kate
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: SPDX Bake off to compare tools generating code for the SPDX 2.1 specification on October 6, 2016.

[Bradley M. Kuhn]

Kate,

Kate Stewart wrote at 11:58 (PDT):
> For more information on how to participate, please read Background info
> for the SPDX 2.1 Bake-off in LinuxCon Europe.

I and my colleagues sadly don't have a tool to participate in the bake-off
this year, but in preparation for the future, and out of general curiosity:

What are the licensing requirements are for software tools to enter the
bake-off?  (i.e., do the tools have to be under a specific set of licenses
to participate?  What are the rules in this regard?)

Thanks,
-- 
Bradley M. Kuhn
Distinguished Technologist of Software Freedom Conservancy

Become a Conservancy Supporter today: https://sfconservancy.org/supporter
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

SPDX Bake off to compare tools generating code for the SPDX 2.1 specification on October 6, 2016.

[Kate Stewart]

Hi,

The SPDX tech team will be hosting an SPDX Tools BakeOff
 at LinuxCon Europe on 6 October 2016.  Participation
can be remote by phone or in person. The Bake-off (also known by some as a
Plugfest) will focus on comparing SPDX Documents generated with SPDX
specification 2.1 features along with answering any questions people may
have about the new revision.

For more information on how to participate,  please read Background info
for the SPDX 2.1 Bake-off in LinuxCon Europe
.


If you have questions, please send email to spdx-t...@spdx.org


Thanks on behalf of the SPDX tech team,   Gary & Kate
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech